Extensive protection against data theft

Companies are increasingly addressing the subject of cyber security. But what are the main cyber security issues in the coming months? An overview.

In the age of digital transformation cyber attacks on infrastructures of organisations become more and more complex and professional. As a result of this development, the top management will more than ever play a key role. “The abundance and availability of sensitive information about individuals and systems will put present cyber security strategies under great pressure to adapt,” says Björn Haan, Regional Business Field Manager Germany, TÜV Rheinland. The Cyber Security Trends of 2017 from TÜV Rheinland and OpenSky provides a deeper examination of these topics. They reflect the assessment of the current developments from its leading cyber security experts in North America, Europe and IMEA regions.

1. The force of the attacks is increasing.Who is responsible?

Additional waves of attack will follow, but there will be an increased strength behind these attacks. This raises central questions about the protection of networked devices, IT/OT networks, and connected infrastructures: Who is responsible when cyber security measures are not sufficient? Do organizations need to further tighten their requirements and governance controls?

2. The Internet of Things requires mandatory security standards.

Smart devices are becoming increasingly popular – simultaneously the protection of consumer privacy is becoming more urgent. Manufacturers of networked devices will have to introduce higher security standards. Voluntary or mandatory cyber security verification and certification for IoT devices will become more likely before their market launch.

3. 2017 will be the year of cloud security solutions.

Customer sensitivity to integrated cloud services and IT network security is increasing. Security solutions that monitor the network traffic between the cloud service client and the cloud service provider are in increasingly high demand. Furthermore, the cloud becomes increasingly the source for security solutions including real-time security analysis and the detection of anomalies by artificial intelligence (machine learning), but also for security data analytics managed services and incident response advisory services.

4. The new perfect couple: IAM and the cloud.

IAM and the cloud are becoming the new organizational perimeter. Cloud strategies will be closely interwoven with the fields of law, access and password management. The result is a consistent user and authorizations management, using roles in addition to a secure and user-friendly authentication.

Many organizations still view the subcontracting of cyber security to external partners with a critical eye. In light of the continuing lack of talent, trust in competent cyber security partners will become one of the most important success factors to protecting organizations, due in part to the growing number of internal offenders.

7. Industry 4.0: Integrating Functional ­Safety and Cyber Security.

Now more than ever, the unauthorized access exposes industry systems and critical infrastructures to safety and security risks. Since IT is an essential part of manufacturing, functional safety and cyber security will have to work together to secure data exchange, and to ensure availability and reliability of networked systems. Networked industry (Industry 4.0) organizations, in particular, will have to consider the safety and security of their products across the entire life cycle and continuously monitor them for potential risks.

8. Key Factor Endpoint Security.

Terminal devices, such as servers, laptops, mobile phones and tablets, desktop computers, etc. are among the easiest gateways for attackers to capture. Solutions limited to filtering suspected malicious content (i.e. Anti-Virus, Anti-Malware) at the endpoint, no matter how “intelligent”, will not suffice. Gaining visibility into real-time threats by monitoring and correlating with other events across the enterprise will offer superior protection against potential attacks.

9. eGRC and IT GRC are coming together.

The integrated view of IT and business risks does not only improve the regulatory reporting; it allows for an unbiased view of actual risk exposure and the protected organization’s values. Additionally, integrating eGRC and IT GRC enables management to achieve a higher decision quality within the organization. These tactics are of vital importance to organizations when considering tightened legal requirements, such as the EU data protection basic regulation, and the protection of intellectual property.